Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

sex sites added to bottom of favourites bar


  • This topic is locked This topic is locked

#1
diggerbarnes

diggerbarnes

    New Member

  • Member
  • Pip
  • 8 posts
Hello there.

I'm quite a novice and completely new to this site, but here are some details which I hope may be of help:

The Wannadoo home page comes up blank and with the title "about blank".
3 sex-related sites are added to bottom of favourites drop down list.
AVG reports many '.exe' files repeatedly, especially after going on online.
Full AVG scan revealed 16 "trojan horse" things, 14 in C/windows, and 2 in C/Windows/system.
(examples: wp.exe, mskmidi.exe, javapb.exe, iedp32.exe, etc) - all are listed as 'Downloader Agent 11or 12. BA or H or Q or D' except for 'mskmidi.exe' which is listed as a trojan horse 'starter page.18.2'

Adaware reveals 27 critical objects, 25 of which are 'coolwebsearch' related.
Coolwebsearch (last merijin version) ran - nothing.
New/updated Cwshredder ran - nothing.

Here is my HijackThis log:

Logfile of HijackThis v1.95.0
Scan saved at 22:52:30, on 10/05/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MY DOCUMENTS\VARIOUS FREEWARE - RECOMMENDED UTILITIES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=res://C:\WINDOWS\system\awcvw.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=
O2 - BHO: (no name) - {94E17571-D9E8-A5B3-5EB9-0650B535AD4D} - C:\WINDOWS\SYSTEM\SYSTG32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\WANADOO\WSBAR\WSBAR.DLL/VSearch.htm
O9 - Extra 'Tools' menuitem: Dolphin Links Naviga&tor (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.furness.a...sses/CFJava.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://www.cabourg.n...sCamControl.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://appldnld.m7z....llInstaller.exe



Really hope someone can help.

Thanks in advance.

diggerbarnes.
  • 0

Advertisements


#2
linuxwannabee

linuxwannabee

    Member

  • Member
  • PipPipPip
  • 125 posts
*Edited by an Admin

Please do not ask members to start a new thread in the Malware forum. instead, please let a Mod or Admin know, and we will move the existing thread!

Edited by ~Kat~, 14 May 2005 - 03:04 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP